Ok let me give some few more details:
Box A:
- m0n0wall 1.1b15 with static IP (ADSL termination with static DHCP
assignement).
- IPsec configured to allow mobile client.
- pre-shared key configured to match box B.
Box Z:
- m0n0wall 1.1b15 with dynamic IP (also ADSL).
- IPsec configured to build a tunnel to box A.
What happens:
- if we use "IP address" as identity (in tunnel config and pre-shared key)
box A does not recognize the remote identity and therefore cannot find the
matching PSK.
- if we use "domain name" as identity phase-1 comes up and that's it (no
phase-2 negotiation).
- I even tried to set into the PSK 0.0.0.0 as remote identity...
Any idea ?
regards
------------------------------------------------------------------
Daniele Guazzoni
Network & System Engineer
Cisco Certified Network Professional
E-Mail: daniele dot guazzoni at gcomm dot ch
Web: http://www.gcomm.ch
------------------------------------------------------------------
"Destiny is not a matter of chance, it is a matter of choice;
it is not a thing to be waited for, it is a thing to be achieved."
William Jennings Bryan